Updating an intermediate CA for a 128 bit SSL cert

Similar Messages

• 128-bit SSL question

  We are using domestic strength SSL (128 bit) with Weblogic
            5.1 sp5. It looks like browsers that support 128-bit
            encryption are fine, but those that support a lower
            encryption level (i.e. 56-bit or 40-bit) cannot connect. I
            was expecting this, but is there anyway to find out what
            browser is being used and let them know that they need a new
            browser? I know we can do this when they connect via HTTP,
            but what if they connect directly to a secure page? Getting
            a "Page cannot displayed message" isn't the best option.
            BTW the error message that I am getting when those browsers
            connect is a "BadMACException"? Has anyone had any
            experience with this? Is this caused by browsers that
            connect at the wrong encryption levels?
            Thanks,
            Shaun
            

  Robert Patrick wrote:
  From my understanding, it is already included in the code you have. You
  just need to get a special license key from your BEA sales rep...
  Actually yes or no on this:
  Yes the installer bundles both "export" and "domestic(128bit)" files in
  them; however, the domestic files will be installed only when domestic
  strength license is detected at the installation time. So if you get a
  domestic strength license after you installed the product, you will need to
  reinstall the product with your new domestic strength license in place
  ($BEAHOME).
  -Dan
  >
  BEA Systems wrote:
  Does anybody know where I can get 128-bit SSL for Weblogic Server 6.0?

• CSS 40/128 bit SSL recognition

  Is it possible for a CSS (11501 SSL) to detect the browser version of an incoming client to see if he is able to do 128 bit SSL or only 40 bit SSL? Is that in the HTTP header, if so, where / which string / ...?
  Thanks for any helpful comment,
  Uli

  the CSS in general can detect the browser type with the command 'header-field-group' and the 'header-field user-agent ...'
  Otherwise, when you define your ssl-server, you need to specify the cipher mode accepted by the module.
  You can list 40 bits cypher modes and 128 bits cipher modes.
  The SSL protocol will negotiate the best one.
  Gilles

• Does firefox browser support 128-bit SSL?

  I am trying to access a bank i work for who just upgraded their system.

  Firefox supports 256 bit since 2002 in Firefox 2, so 128 bit is no problem.
  * https://www.fortify.net/sslcheck.html
  If websites complain about 128 bit encryption not available then that can be caused by the "U;" that is no longer present in the Firefox 4 user agent.
  *http://en.wikipedia.org/wiki/User_agent#Encryption_strength_notations
  You can see the current user agent on the Help > Troubleshooting Information page.
  You can try to add "U;" via variations for the user agent setting like posted below via the pref general.useragent.override to see if that works.
  If you update Firefox then you need to adjust the Gecko (rv:) and Firefox version to reflect the currently installed version.
  Some examples (Vista is 6.0 - Windows 7 is 6.1):
  * Mozilla/5.0 (Windows NT 6.0; U; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
  * Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
  * User Agent Switcher: https://addons.mozilla.org/firefox/addon/59

• I get a download error when I try to update to 10.5 for Windows 64 bit.

  I had to revert back to previous version but library file is the new version.  It starts downloading like normal and then begins to back up.  I tried to do it manual with same results.  Any ideas?

  You can't, Anh.  That's what people are telling you.  At this time there's no way to get out of recovery mode.   You're playing around with beta software and this is what you get.
  Tell your "developer friend" he needs to talk to other developers to see if this can be fixed, or have him replace your devices that you should never have let him play with to begin with.

• SSL 128 bits on OAS 4.0.8.1 for LINUX ?

  We used to use the solaris version. To reduce cost, we are moving to Linux. Before, when you needed 128 bits security, you had to order a special patch from tech support.
  The linux version we received is the export version and it is NOT 128 bits SSL.
  Does 128 bits SSL exist ?
  Also, LINUX support from oracle seems REALLY BAD. I'm wondering if we're doing a nice move here... ?
  Thanks
  null

  After I fixed some of the things I broke while searching for the wrksf failure, the PL/SQL Cartridge now works for me too. And, after failing to get the DB Browser to work by loading it into the SCOTT schema, I got it to work by loading it into SYS. (SCOTT can't see the DBA_* views so loading the DB Browser into the database failed.) I haven't tried any Java Servlets yet, but that's next on my list.
  If you want to try my wrksf workaround, rather than using Christoph's, here's how you can do it.
  1. Backup liborb.so in the $ORACLE_HOME/orb/4.0/lib directory, just in case something goes wrong.
  2. Using a hex editor, such as emacs hexl-find-file or ghex, to edit liborb.so, find the string "/proc/stat".
  3. Change the directory, "/proc" to something like "/pfoo" and write the shared library file back to liborb.so. You now have the required modified liborb.so.
  4. Make the /pfoo directory and cp /proc/stat /pfoo.
  5. Edit /pfoo/stat and duplicate the first line, which should be the cpu line. This will let the metrics parser handle it. Make sure that /pfoo/stat has read access.
  Of course, the values that the metrics code gets are now bogus, but that does not seem to be a fatal problem.
  Hopefully somebody from Oracle is reading this and the real fix will be in the mail soon.

• WLS (40-bit) to WLS (128 bit) installation

  Hopefully this will help shed some light on the subject.
  Terry
  If you receive the following warning:
  <I> <Security> WARNING: Exportable (weak) WebLogic Server build running and
  domestic (full) strength SSL license detected. Only exportable strength SSL
  connections will be accepted.
  This indicates that you have a full strength certificate but a weak strength
  build of the server. For full strength encryption there is a different WLS
  build. The generally-available (weak/40-bit) version of WLS 5. 1 supports
  512-bit certificates and 40-bit bulk data encryption. The full strength
  (128-bit) WLS 5.1 build supports 768-bit and 1024-bit certificates and
  128-bit bulk data encryption. Your sales contact can provide the required
  forms and a special URL to download the full strength build of WebLogic.
  The installation for the 128-bit version is the same as the installation for
  the 40-bit version. When converting to the 128-bit version a complete
  re-installation is necessary. If you are installing service packs, please
  note that although Service Packs 1-5 are the same for both the 40-bit and
  128-bit versions, SP6 for the 128-bit version is a controlled release. In
  order to obtain SP6 for WLS 5.1 (128-bit), you will need to contact your
  sales representative who will be able to provide a URL where it can be
  downloaded.
  Some other notes concerning the 128-bit installation. First, ensure that
  you are using the permanent license that has been updated with the 128-bit
  key. Second, for information on setting up WLS SSL (i.e. installing
  1024-bit security certificates), please see the documentation at:
  http://www.weblogic.com/docs51/classdocs/API_secure.html.
  It is my understanding that the difference between the 40-bit and 128-bit
  versions of WLS 5.1 is in the encryption/decryption module. Since the
  difference is limited to this particular module, transitioning from the
  40-bit to the 128-bit version should be transparent as far as WLCS (3.1.1
  SP1 & 2.01 SP2) is concerned. This is supported by the fact that there is a
  single version of WLCS for both domestic use and export use.
  A couple of general notes concerning WLCS 3.1.1/2.0.1 installations running
  on top of WLS 5.1 (40-bit or 128-bit) SP6:
  WLCS 3.1.1: To date, support cases have not been received with a WLCS
  3.1.1 installation running on top of WLS
  5.1 (40-bit/128-bit) SP6 where SP6 has been determined to be the
  problem.
  WLCS 2.0.1: With one minor exception (see Solution S-05838 below),
  support cases have not been received with a
  WLCS 2.0.1 installation running on top of WLS 5.1 (40-bit/128-bit) SP6
  where SP6 has been determined to be the
  problem.
  A couple of general notes concerning WLCS 2.01 and WLS 5.01 (40- or 128-bit)
  Service Packs 1-6:
  - There have been problems when using SP1, SP2 and SP3 for WLS 5.
  - Therefore, SP4 (minimum) is required.
  - To date, support cases have not been received where SP5 has been
  determined to be a problem.
  - There is one small issue related to SP6 (see Solution S-05838 below).
  Otherwise, support cases have not been
  received where SP6 has been determined to be a problem.
  - Following the SP6 installation, all the JSPs will need to be
  recompiled. Due to the custom tags used in WLCS 2.0.1,
  the JSPs cannot be pre-compiled. Therefore, recompiling will occur as
  the pages are accessed.
  Please see the release notes that accompany each service pack downloads for
  issues that are resolved with each particular
  service pack.
  Solution S-05838
  A better solution to the problem: WLCS 2.0.1 only: DataLoader script causes
  ASCClientException with WLS 5.1 SP6
  Old Solution:
  Use WLS 5.1 SP5 to run the DataLoader, THEN upgrade to SP6.
  New Solution:
  You can run the DataLoader without exceptions for WLCS 2.0.1 SP2 and WLS 5.1
  SP6 if you modify the script to use t3 socket connections instead of http.
  Open the DataLoader script for editing and change the two appearances of
  "http://" to "t3://".

  You need to contact your sales rep and get the domestic strength version of
  WLS.
  Michael Girdley
  Product Manager, WebLogic Server
  BEA Systems Inc.
  Ravi Kumar.T <[email protected]> wrote in message
  news:8945ju$lu8$[email protected]..
  Where to specify the no of bits for encryption for SSL. Is it depend on
  verisign certificates installed!!
  We are using we weblogic 4.5.1 on Solaris. and my site is having following
  encryption
  SSL 3.0, RC4 with 40 bit encryption (Low); RSA with 512 bit exchange
  and I have seen some other sites are having
  SSL 3.0, RC4 with 128 bit encryption (High); RSA with 1024 bit exchange
  thanks..
  ravi

• WEP 128 bit 26 hex digit problem

  Can't seem to use the passwords generated by the linksys router for WEP 128 bits 26 hex digits encryption. WEP 64 bits works. Why?
  Thanks

  The $ before the password didn't work. Tried WEP password and 40/128 hex but 40/128 hex won't allow a $ before the password. I wish there was a place to just use the Passphrase on the Mac. Using a linksys router.

• XI - 128 Bit encryption

  Whether XI (3.0, SP 16) is capable of doing 128 bit SSL Encryption? We are in the process of making a bridge with our external partners (B2B).
  We want to install Certificates, and want to do the Encryption?
  Who will install the Certificates? From where we can buy these certificates?
  Who will do this process?
  What are all the other points that we need to remember when we do this 128 bit Encryption?
  Thanks

  Hi,
  SSL is supported by WebAS, and XI is just an application on top of it.  The certificates are entered using the Visual Administrator, and also in the ABAP environment, depending on whether you also plan to use it with the SOAP adapter.  The configuration is normally done by the basis person.
  128-bit is supported.  You can get certificates from various providers, e.g. Verisign.  To work with a partner who has an user certificate, that user will have to provide you with his public certificate.
  The XI Configuration Guide that comes with the installation CD have the instructions.  Also, you can access that following weblogs for additional info:
  /people/gregor.wolf3/blog/2005/10/11/setup-https-ssl-for-the-sneak-preview-sap-netweaver-04-abap-edition-on-windows
  /people/thomas.jung3/blog/2005/05/13/calling-webservices-from-abap-via-https
  Regards,
  Bill

• Problems with IE and 128-bit encryption -- correction

  Repost with corrected e-mail address -- sorry!
  Hello. I'm having a problem with 128-bit SSL and Internet Explorer.
  I'm using WebLogic 5.1 (128-bit build) and a Verisign certificate.
  We're seeing some strange behavior with Internet Explorer. It seems to
  work fine from some machines, but doesn't work from others. On the ones
  that it doesn't work, it gives the "The page cannot be displayed"
  message. I've tried this with IE 4.0.1 (with 128-bit patch) and IE 5.5
  (128-bit by default) and have the same problems with both. We're seeing
  this problem across various Windows operating systems, but aren't seeing
  any pattern there. Any ideas as to what might be the problem?
  Thanks in advance,
  Steve

  The Mozilla browsers which include Firefox has supported 256-bit even encryption for a long time now.
  The issue could perhaps be the e-qip site is still looking for the old obsolete '''U''' in the useragent which was used to specify the encryption strength of 128-bit though 256-bit has been supported for a long while already at time by Mozilla applications. This "U" was removed in Firefox useragent as of 4.0 which was released March 22nd, 2011. The old 3.6.x was the last to have it.
  http://en.wikipedia.org/wiki/User_agent#Encryption_strength_notations
  https://hacks.mozilla.org/2010/09/final-user-agent-string-for-firefox-4/

• Problems with IE and 128-bit encryption

  Hello. I'm having a problem with 128-bit SSL and Internet Explorer.
  I'm using WebLogic 5.1 (128-bit build) and a Verisign certificate.
  We're seeing some strange behavior with Internet Explorer. It seems to
  work fine from some machines, but doesn't work from others. On the ones
  that it doesn't work, it gives the "The page cannot be displayed"
  message. I've tried this with IE 4.0.1 (with 128-bit patch) and IE 5.5
  (128-bit by default) and have the same problems with both. We're seeing
  this problem across various Windows operating systems, but aren't seeing
  any pattern there. Any ideas as to what might be the problem?
  Thanks in advance,
  Steve

  This forum is for Microsoft Exchange.  Consider posting your question in the most appropriate Windows 8.1 forum here:
  http://social.technet.microsoft.com/Forums/windows/en-US/home?category=w8itpro
  Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

• BB Browser Cipher RC4 128 bit Security Concerns

  When you check Browserspy from your BlackBerry browser via this link:
  http://browserspy.dk/
  Then select "Security" from the list
  Then select "SSL Encryption Check"
  For my Z30 I get RC4 128 bit (see picture.)
  I also get the same results using this test:
  https://www.fortify.net/
  There are security concerns for RC4 128 bit to the extent Microsoft has recommended not using it.  See these two links:
  http://en.wikipedia.org/wiki/RC4
  http://technet.microsoft.com/en-us/library/cc179125.aspx
  I do not have any device connecting to the web using RC4 128 bit.
  Is there a way to change the cipher strength or order for the BlackBerry browser?
  (Just as a side note - because BlackBerry uses WebKit for the browser (Apple uses WebKit) a lot of the browser tester sites pick it up as Safari. I woder if browser testing to determine market share doesn't flag some of Blackberry as Apple due to this "confusion.")
  Solved!
  Go to Solution.

  foryour information, here is what I get for my desktop browsers :
  AES128 for Mozilla Firefox 36.0
  AES128 for Google Chromium 42.0
  AES256 for MS Internet Explorer 11
  and also...
  AES128 for Mozilla Firefox 35.0.1 APK on my Passport
  The search box on top-right of this page is your true friend, and the public Knowledge Base too:

• Upgrading to 128-bit encryption

  Hello,I would like to know what steps are necessary to upgrade to 128 bit SSL encryption from 40 bit?Currently we have a valid commercial license with key for Tengah/SSL, expiration=never.Any info is greatly appreciated.Thanks,Rick Ellmakeremail: [email protected]

  Hi Arshad,
  You have to make sure that you are using the domestic version of WLS(full
  strength) and when weblogic
  boots up it gets the correct license for SSL128. By any chance, if
  configuration is wrong it will spit out
  error message at srart up.
  (NOTE : make sure you use domestic version of Service pack if needed.)
  -utpal
  "Arshad Aziz (Verizon)" <[email protected]> wrote in message
  news:3c8e2136$[email protected]..
  I currently have weblogic 5.1 running. Need to upgrade to 5.1 with 128 bitencryption. Already have the SSL and SSL128 Tenga keys for it. Alos have the
  new build for the 128 bit.
  >
  Do, I just add these SSL128 keys to the existing PRODUCT keys that I haverunning on the machine after installing the new build ?? Or do I need new
  Product keys for the 128 bit encryptions also.

• 128 bit music problem

  I just figured out that I turned this option on a while ago and that is why I could no longer synch photos to my iPhone 4, Apple tv or iPad. I turned it off and photos are synching again!!
  Just reported it to Feedback.
  So you can squeeze more music on but you give up photos.........

  Bonita,
  There is a special 128 bit service pack for the 128 bit version of WLS 5.1.
  Please contact support to get the 128 bit service pack. Whomever helps
  you will need to verify that your company is qualified to receive the 128 bit
  version.
  Kaye

• New iPad asks for WiFi password. There is none. My WiFi uses WEP 128 bit encryption, but there is no "password" to enter.

  Brand new to the iPad. It's asking for a password to the WiFi network in my home. There is no "password" as such associated with this WiFi network. It uses WEP 128 bit encryption where each byte is a hexadecimal number and is called a "key" Typing this lengthy thing in gives me no results. The iPad keeps on asking for a password. I have three computers and a DVD hooked to the network which has been working for a decade, so that's not the issue.
  Basically I'm stuck not being able to get onto the WiFi system.

  iOS 6 Wifi Problems/Fixes
  Fix For iOS 6 WiFi Problems?
  http://tabletcrunch.com/2012/09/27/fix-ios-6-wifi-problems/
  Did iOS 6 Screw Your Wi-Fi? Here’s How to Fix It
  http://gizmodo.com/5944761/does-ios-6-have-a-wi+fi-bug
  How To Fix Wi-Fi Connectivity Issue After Upgrading To iOS 6
  http://www.iphonehacks.com/2012/09/fix-wi-fi-connectivity-issue-after-upgrading- to-ios-6.html
  iOS 6 iPad 3 wi-fi "connection fix" for netgear router
  http://www.youtube.com/watch?v=XsWS4ha-dn0
  Apple's iOS 6 Wi-Fi problems
  http://www.zdnet.com/apples-ios-6-wi-fi-problems-linger-on-7000004799/
  ~~~~~~~~~~~~~~~~~~~~~~~
  Look at iOS Troubleshooting Wi-Fi networks and connections  http://support.apple.com/kb/TS1398
  iPad: Issues connecting to Wi-Fi networks  http://support.apple.com/kb/ts3304
  WiFi Connecting/Troubleshooting
  http://www.apple.com/support/ipad/wifi/
  How to Fix: My iPad Won't Connect to WiFi
  http://ipad.about.com/od/iPad_Troubleshooting/ss/How-To-Fix-My-Ipad-Wont-Connect -To-Wi-Fi.htm
  iOS: Connecting to the Internet
  http://support.apple.com/kb/HT1695
  iOS: Recommended settings for Wi-Fi routers and access points  http://support.apple.com/kb/HT4199
  Additional things to try.
  Try this first. Turn Off your iPad. Then turn Off (disconnect power cord for 30 seconds or longer) the wireless router & then back On. Now boot your iPad. Hopefully it will see the WiFi.
  Go to Settings>Wi-Fi and turn Off. Then while at Settings>Wi-Fi, turn back On and chose a Network.
  Change the channel on your wireless router (Auto or Channel 6 is best). Instructions at http://macintoshhowto.com/advanced/how-to-get-a-good-range-on-your-wireless-netw ork.html
  Another thing to try - Go into your router security settings and change from WEP to WPA with AES.
  How to Quickly Fix iPad 3 Wi-Fi Reception Problems
  http://osxdaily.com/2012/03/21/fix-new-ipad-3-wi-fi-reception-problems/
  If none of the above suggestions work, look at this link.
  iPad Wi-Fi Problems: Comprehensive List of Fixes
  http://appletoolbox.com/2010/04/ipad-wi-fi-problems-comprehensive-list-of-fixes/
  Fix iPad Wifi Connection and Signal Issues  http://www.youtube.com/watch?v=uwWtIG5jUxE
  Fix Slow WiFi Issue https://discussions.apple.com/thread/2398063?start=60&tstart=0
  Unable to Connect After iOS Update - saw this solution on another post.
  https://discussions.apple.com/thread/4010130
  Note - When troubleshooting wifi connection problems, don't hold your iPad by hand. There have been a few reports that holding the iPad by hand, seems to attenuate the wifi signal.
  ~~~~~~~~~~~~~~~
  If any of the above solutions work, please post back what solved your problem. It will help others with the same problem.
   Cheers, Tom